Security Basics mailing list archives
RE: MSN virus
From: "Lozano, Renato" <renato.lozano () moneris com>
Date: Thu, 4 Feb 2010 14:02:38 -0500
Hi All, I have received two e-mails from friends that have hotmail accounts with no subject and only the following links : http://sites.google.com/site/dfysdu6as/vlmg8c http://sites.google.com/site/jksu78guo/mkkf1o I contacted them and they did not send the e-mail. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos Sent: Thursday, February 04, 2010 12:49 PM To: xiandu () latech edu Cc: security-basics Subject: Re: MSN virus xiandu () latech edu writes:
Hi, My MSN contacts told me that they obtained a message from me to go to website although I was not on MSN. I hear it is virus and have no idea about the nature and removal methods. Could any experts help? thanks xian
Hi Xian, I don't feel expert at this specific issue by any stretch, but a friend of mine who is a hotmail user also recently had a hotmail account compromised in what sounds like a similar fashion. She found out through friends since all her hotmail contacts had received a message from her account saying she was out of the country, in trouble, and needed money. Her account had the password changed and she was locked out. I think similar things have targetted facebook users. I wasn't able to determine the root cause of her compromise. It didn't seem to be malware on her home computer, or a laptop she'd used, but a relative's computer may have been involved (which wasn't available for analysis). She vaguely recalled clicking on an attachment or URL in her email while using the relative's computer that roused her suspicion, but that incident preceded the emails went out to all contacts and the password getting changed by a day or two. The good news is that Microsoft was able to get her control of her account again--it took a few days. There was some help link on hotmail where she could report a hijacked account. I'm not sure if the thing she clicked on 2 days before the mail went out _was_ the attack, or if it was an attack on password reset questions, or brute forcing of bad passwords, malware keylogging passwords on compromised machines, or some web application based vulnerability in msn or hotmail themselves... but I'm curious of others experience of similar issues. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ ______________________________________________________________________ This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations.Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized.If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately. ______________________________________________________________________ This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations.Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized.If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- MSN virus xiandu (Feb 04)
- Re: MSN virus Henri Salo (Feb 04)
- Re: MSN virus Ramki B Ramakrishnan (Feb 05)
- Re: MSN virus Todd Haverkos (Feb 04)
- RE: MSN virus Lozano, Renato (Feb 05)
- Re: MSN virus xiandu (Feb 05)
- Re: MSN virus xiandu (Feb 05)
- Re: MSN virus Todd Haverkos (Feb 08)
- <Possible follow-ups>
- Re: Re: MSN virus taser3000 (Feb 05)
- Re: MSN virus Henri Salo (Feb 04)